Insecure Direct Object Reference (IDOR) Vulnerability in Prestashop Opart devis < 4.0.2 Allows Unauthorized Access to User's Invoice and Delivery Address

Insecure Direct Object Reference (IDOR) Vulnerability in Prestashop Opart devis < 4.0.2 Allows Unauthorized Access to User's Invoice and Delivery Address

CVE-2020-16194 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

Learn more about our User Device Pen Test.